Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » PCI DSS » Cardholder Data

Cardholder Data

Cardholder data (CD) consists of all personally identifiable information (PII), such as the cardholder’s name, card number, expiration date, and CVV security code of the individual with a credit or debit card. This is sensitive card information subject to security regulations like PCI DSS. Banks, payment merchants, and other entities that store and process this data must have adequate security measures to protect the cardholder’s data from security threats. Failure to protect cardholder data can land you in legal problems, and there are financial penalties as well.

Additional reading

NYDFS Cybersecurity Regulation: Ensuring Financial Security Compliance

TL,DR: NYDFS Cybersecurity Regulation applies to DFS-regulated financial entities operating under New York authorization. Requirements include a cybersecurity program, policies, governance, vulnerability management, audit trails, and superintendent notification. The article explains applicability, exemptions, notices, compliance steps, and controls for covered entities. On November 1, 2023, governor Kathy Hochul announced that the New York State Department…

ISO 42001 Checklist: Your Interactive Audit-Readiness Guide

TL;DR ISO 42001 checklists turn the standard’s clauses and Annex A controls into concrete tasks, owners, and evidence. ISO/IEC 42001:2023 is the first certifiable AI management standard, built on the Plan-Do-Check-Act loop. Successful implementation follows six stages: scoping, gap analysis, building the AIMS framework, control implementation, certification audit, and continuous improvement. AI-specific controls like bias…

Consequences of Non-Compliance: Fines, Failures, and Fallout

TL,DR: Cumulative GDPR fines reached €5.88 billion globally as of 2025, with non-compliance leading to 7 major consequences including regulatory fines, revenue loss, legal action, operational disruptions, and reputational damage Common triggers include outdated policies, unencrypted logs, missing audit trails, unreviewed vendor assessments, disabled MFA, and publicly exposed cloud storage buckets across organizational infrastructure Non-compliance…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.